Basic authentication
Hi, I'm having a bit of trouble authenticating users. The script I have works, but only a couple of times before it just sends out 401 without prompting the user for their details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have more applications to upgrade than time. Any help/questions would be appreciated. The problem script is below: use strict; use Apache::Const qw(OK AUTH_REQUIRED); use lib qw(/var/www/html/opbms/libs); use CheckLogin; use CreateFrames; my $r = shift; print Content-Type:text/html\n\n; my ($status, $password) = $r-get_basic_auth_pw; if ($status != OK) { $r-status($status); exit($status); } my $ip = '127.0.0.1'; my $port = 31555; if (CheckLogin::Check($r-user, $password, $port, $ip) eq '1') { CreateFrames::Create($r-user, $password, $port, $ip); } else { $r-note_basic_auth_failure; $r-status(AUTH_REQUIRED); exit(AUTH_REQUIRED); } Cheers!! This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com
Re: Basic authentication
Stephen Hardisty wrote: Hi, I'm having a bit of trouble authenticating users. The script I have works, but only a couple of times before it just sends out 401 without prompting the user for their details. We have mod_perl 1.99_05 installed, we don't want to upgrade as we would have more applications to upgrade than time. Any help/questions would be appreciated. The problem script is below: use strict; use Apache::Const qw(OK AUTH_REQUIRED); use lib qw(/var/www/html/opbms/libs); use CheckLogin; use CreateFrames; my $r = shift; print Content-Type:text/html\n\n; don't do that - AUTH_REQUIRED is an error status, so apache will send it's own set of headers. my ($status, $password) = $r-get_basic_auth_pw; if ($status != OK) { $r-status($status); exit($status); } yike! you shouldn't ever play with $r-status. calling exit is also not the standard way. examples of auth handlers abound, so you should really just be following them - even though you are using mod_perl 2.0, the API is really the same wrt get_basic_auth_pw() etc. some examples include the many, many modules on CPAN. you can also find detailed auth examples in http://www.modperlcookbook.org/chapters/ch13.pdf and http://www.modperlcookbook.org/code/ch13/ specifically http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm HTH --Geoff
Re: mod_perl Basic Authentication problem using PerlAuthenHandler
Thank you... cant believe I missed that... was to excited about the ability to do my own auth program I added allow from x.x.x.x and it worked great Thank you. - Original Message - From: Geoffrey Young [EMAIL PROTECTED] To: Jason [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, April 17, 2002 6:21 PM Subject: Re: mod_perl Basic Authentication problem using PerlAuthenHandler Jason wrote: In httpd.conf i have Location /~jter [snip] Deny from all /Location [snip] It warns to the log file and returns But the problem is, why does my browser come up forbidden I suspect Deny from all is the issue... the PerlAccessHandler will run before the apache default mod_access gets the chance to implement the Deny rule. on a successful login, your PerlAccessHandler will return OK, which is then denied by mod_access, resulting in a FORBIDDEN message. unlike with the PerlAuthenHandler, which immediately terminates on the first OK, the PerlAccessHandler will keep going in search of failure. Has anybody gotten this to sucessfully work? yes :) you may be interested in chapter 13 of the cookbook, which should help clarify things somewhat. --Geoff
mod_perl Basic Authentication problem using PerlAuthenHandler
In httpd.conf i have Location /~jter PerlAccessHandler ApacheAuthentication PerlSetVar Intranet 65.103.229.188 = joe, 10.10.10.2 = userB PerlAuthenHandler ApacheAuthentication AuthName realm AuthType Basic Require valid-user Order deny,allow Deny from all /Location And my module is package ApacheAuthentication; #use strict; use Apache::Constants qw(:common); use Apache::URI; use Apache::File; sub handler { my $r = shift; # get user's authentication credentials my ($res, $sent_pw) = $r-get_basic_auth_pw; return $res if $res != OK; my $user = $r-connection-user; # authenticate through DBI my $reason = authen_dbi($r, $user, $sent_pw); if ($reason) { $r-note_basic_auth_failure; $r-log_reason($reason, $r-uri); return AUTH_REQUIRED; } warn FINISHED $user $sent_pw; return OK; } It warns to the log file and returns But the problem is, why does my browser come up forbidden Has anybody gotten this to sucessfully work? Server Version: Apache/1.3.22 (Unix) PHP/4.0.6 mod_perl/1.26 mod_ssl/2.8.5 OpenSSL/0.9.6b Thanks in advance